With the recent Equifax security breach projected to affect up to 143 million Americans, nearly half the total U.S. population, today’s consumers seem to be at greater risk of identity theft than ever before. Even regular monitoring of one’s credit and debit accounts may not be enough to prevent fraudsters from opening up bogus accounts under an individual’s Social Security Number, and relatively few credit card or identity thieves tend to be caught and prosecuted.
But while the consequences of theft of one’s personal identity information tends to be limited to that individual, identity theft in the business context can be far more expansive, affecting your livelihood and reputation while potentially exposing your vendors’, customers’, and clients’ private data. Read on to learn more about some of the effects identification theft can have on a business, as well as the steps you can take to prevent and correct this fraud–including the use of a smart POS solution like the Clover Duo.
Impact of Identity Theft on a Business
Business identity theft can often go far beyond a breach of customers’ credit card numbers or personal information: instead, business identity thieves may pose as legitimate businesses, complete with online directory listings routing customers to a different address and phone number and the creation of uniforms, business cards, or even identification badges with your company’s logo.
This identity fraud allows the perpetrators to gain access to credit lines or even poach customers under the guise of providing legitimate business services under your business’s name. Unless you happen to stumble across one of these fraudulent listings yourself, notice that your credit lines show recent mysterious withdrawals, or investigate further after receiving confusing communications from your current customers, you may not have any idea your business has become the victim of identity theft until much of the damage has already been done.
Protecting Your Business Against Identity Theft
While this type of business identity fraud can be far-reaching, and no industry or service provider is immune, there are a few steps you can take to significantly reduce your exposure to identity theft and preserve your customers’ trust. Payment Card Industry (PCI) compliance and online processing can help your business achieve its privacy and security goals.
PCI Compliance
PCI compliance involves the achievement of multiple online security goals, from maintaining a secure payment network to protect customer financial data, implementing antivirus software solutions on your own network to protect against ransomware, and putting documented access control measures into place to prevent breaches by your own employees.
Businesses that aren’t PCI compliant and that accept payments by credit card can be assessed significant fines and penalties for each data breach that occurs. When you’re already dealing with the consequences of identity fraud on your own business’s operations, facing these additional fines can add insult to injury.
To ensure your business maintains a PCI-compliant status, you’ll need to:
- Install a separate firewall to protect data generated by credit card payments
- Update all default passwords
- Avoid automatically storing cardholder data if possible
- Utilize encryption to prevent breach of cardholder data when transmitted over unsecured networks
- Subscribe to alerts that can let you know when you’ve been hacked or made vulnerable
- Use highly-rated antivirus software and avoid letting your subscription lapse
- Set and document policies to allow employee access to secure data on a need-to-know basis
- Use unique identifiers for employees to create an electronic data trail for internal breach investigation
Many of these measures, particularly those involving encryption and documented access to cardholder data, can be achieved by using a reputable smart POS system, like the Clover Mini, to process your business’s credit card payments. Not only do smart POS systems allow you to process credit card payments far more quickly than a check or even cash, they can protect you (and your customers) against data breaches that can leave you vulnerable to identity and financial theft.
Online Processing
In addition to implementing PCI compliance within your own business, utilizing online payment processing with a reputable vendor that guarantees PCI compliance in its own security measures can allow you to rest assured that your customer data (and your own business’s data) is in safe hands.
By accepting credit card payments, you’ll need to rely on outside resources to transmit these payments to the issuer, from your internet service provider to your payment processor. Taking steps to identify the parties involved in each transaction and ensure that each of these parties has its own documented security systems is the best way to provide all-encompassing protection. (For example, using a PCI-compliant payment processing vendor won’t do much good if your internet connection is unencrypted or your computer has no antivirus protection, as your customer data is likely to be compromised well before the credit card information ever makes it to the processor.)
Outsourcing your payment processing to an online, PCI-compliant vendor, along with ensuring your own business is PCI compliant by using a smart POS system like the Clover Station, should significantly minimize the amount of time your business spends identifying and correcting harmful data breaches.